Category Alerts

Hundreds of WordPress themes and plugins that make use of the Genericons package could be vulnerable to a DOM-based XSS vulnerability affecting millions of WordPress installations. Genericons are versatile vector icons embedded in a webfont from Automattic (the creators of WordPress). The vulnerability resides in the examples.html file included in the Genericons package by default. […]

Yesterday, WordPress announced another security release, urging all users to update all WordPress installations immediately. WordPress Security Release 4.2.1 fixes yet another Stored Cross Site Scripting (XSS) vulnerability, which allows an unauthenticated user to inject JavaScript in WordPress comments. The injected script can affect both WordPress users and WordPress administrators, and therefore this vulnerability is […]

Powering over 90% of the world wide web, Apache, IIS and nginx are considered the 3 most important web servers. They are considered to be easy to get up and running, have an active development team behind them and react quickly to security issues. Most companies running these web servers trust the communication to the […]

Cybercrimes are at an all-time high, with hackers and identity thieves making a living from selling private or corporate data. If you have a hacked website, it can have far-reaching repercussions, especially if your website databases include your customers’ private and confidential information, such as their email addresses and credit card details. It […]

Nowadays, most web applications use databases in order to store all information and data required for a website or blog to run efficiently and dynamically. These databases often contain configuration settings as well as confidential information, such as user passwords. In order to restrict access to a database, it is common to maintain an administrative […]

An .htaccess file is a configuration file which provides the ability to specify configuration settings for a specific directory in a website. The .htaccess file can include one or more configuration settings which apply only for the directory in which the .htaccess file has been placed. So while web servers have their own main configuration […]

If a directory is not configured with the correct permissions, an intruder can upload and execute malicious files and modify critical files which can compromise your WordPress security. Eventually, the malicious user can gain full control over your web server which can lead to other serious security issues like loss of sensitive information, complete website disruption, […]

Using the default Admin WordPress Account, hackers can easily launch a brute force attack against it. In order to help deter this type of attack, you should change your default WordPress administrator username to something more difficult to guess. Fix: Do not make the following change unless you are comfortable working with PHPMyAdmin and MySQL. […]

With the display_errors PHP configuration directive enabled, untrusted sources can see detailed web application environment error messages which include sensitive information that can be used to craft further attacks. Attackers will do anything to collect information in order to design their attack in a more sophisticated way to eventually hack your website or web application, and causing […]

Prefixes are given to table names so they cannot be easily guessed by a hacker or malicious user. When guessed, the default database table prefix can make life easy for a hacker and make attacks (like SQL Injection) easier to execute successfully. By using the default prefix, your WordPress database security is at […]